How do I create a new self-signed certificate?

Answer/Solution:

A 100-month self-signed certificate is automatically created by MOVEit Central's installation program and used to secure communications involving remote Admin or API connections.  However, this certificate may expire and need to be replaced.

MOVEit DMZ's installation program also creates and selects a 90-day self-signed certificate (to be used during an evaluation phase).  An SSL certificate signed by a commercial CA should be used when MOVEit DMZ is used in a production environment, but it is also possible to continue to use self-signed certificates almost indefinitely.

This article describes how to create new self-signed certificates to secure all MOVEit Central Admin/API communications or secure MOVEit DMZ FTP and HTTPS communications in a non-production environment.

Common Errors:

MOVEit Central:

  • Error 126 when trying to connect to MOVEit Central via MOVEit Central Admin remotely.
  • No response from MOVEit Central after secure connection attempt fails and you have opted to try the connection insecurely.

MOVEit DMZ:

  • Security Handshake Errors when trying to connect.

Verification:

Verify that the current SSL certificate has expired before creating a new one.

On MOVEit Central, use the "MOVEit Central Config" utility and check the "General" tab for the currently assigned certificate.  If you see a certificate like "OU=Testing, CN=name.of.my.computer" here, you are probably using the self-signed certificate created by MOVEit Central.  (If not, select the "Local Machine - My Personal" certificate named after your computer.)  Open this certificate and look for the "Expiration" date.

On MOVEit DMZ, use the "MOVEit DMZ Config" utility ("FTP Certs" tab) and/or the IIS Manager to perform the same operation.
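The same expiry check can be scripted instead of opening each certificate by hand. The PowerShell below is an added example, not part of the original article or of MOVEit; it assumes PowerShell 3.0 or later, and the 30-day warning threshold, the subject/issuer comparison and the computer-name match are choices made for this example.

```powershell
# Added example: report expiry for every certificate in the
# "Local Machine - My Personal" store (Cert:\LocalMachine\My).
param(
    # Assumption: warn when fewer than this many days remain.
    [int]$WarnDays = 30
)

$now = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)

    if     ($_.NotAfter  -lt $now)      { $status = 'EXPIRED' }
    elseif ($_.NotBefore -gt $now)      { $status = 'NOT YET VALID' }
    elseif ($daysLeft    -le $WarnDays) { $status = 'EXPIRING SOON' }
    else                                { $status = 'OK' }

    [pscustomobject]@{
        Subject       = $_.Subject
        # Heuristic: a self-signed certificate names itself as issuer.
        SelfSigned    = ($_.Subject -eq $_.Issuer)
        # Heuristic: the installer's certificate is named after this computer.
        MatchesHost   = ($_.Subject -like "*CN=$env:COMPUTERNAME*")
        # A server certificate without its private key cannot be assigned.
        HasPrivateKey = $_.HasPrivateKey
        NotAfter      = $_.NotAfter
        DaysLeft      = $daysLeft
        Status        = $status
        Thumbprint    = $_.Thumbprint
    }
} | Sort-Object NotAfter | Format-Table -AutoSize
```

Running it again after creating a new certificate shows the replacement alongside the expired one, and the thumbprint helps pick the right entry in the selection box.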

MOVEit Central

1. Download SelfCert_*.zip from "MOVEit/Central/Extras" on http://my.ipswitchft.com and extract the "selfcert.exe" and "selfcert.bat" files from the zip archive into your "C:\Program Files\MOVEit" directory.

2. Open a command prompt and change (cd) into the "C:\Program Files\MOVEit" directory. Run selfcert.bat to automatically recreate a default certificate valid for 120 months. (Alternatively, run selfcert.exe directly from the command prompt; for example, "SelfCert.exe -c 120" creates a certificate good for 120 months.)

3. Check the new certificate using the verification procedure described above.

4. Start the MOVEit Central Config program and then click the selection box and pick the new certificate under the Local Machine->Certificates section.

MOVEit DMZ

1. Download SelfCert_*.zip from "MOVEit/Central/Extras" on http://my.ipswitchft.com  and extract the "selfcert.exe" and "selfcert.bat" files from the zip archive into your "C:\Program Files\MOVEit" directory.

2. Open a command prompt and change (cd) into the "C:\Program Files\MOVEit" directory. Run selfcert.bat to automatically recreate a default certificate valid for 120 months. (Alternatively, run selfcert.exe directly from the command prompt; for example, "SelfCert.exe -c 120" creates a certificate good for 120 months.)

3. Check the new certificate using the verification procedure described above.

4. Start the IIS Manager, right-click the "moveitdmz" site and select Properties. Then open the Directory Security tab and click "Server Certificate". Choose to replace the certificate and pick the newly created certificate in the wizard.

5. Start the MOVEit DMZ Config program.  Click the FTP Certs tab, then click the selection box and pick the new certificate under the Local Machine->Certificates section.

Source: ipswitchft.force.com
